CVE-2025-25776

Published Apr 28, 2025

Last updated 2 months ago

CVSS medium 5.0

Overview

Description: Cross-Site Scripting (XSS) vulnerability exists in the User Registration and User Profile features of Codeastro Bus Ticket Booking System v1.0 allows an attacker to execute arbitrary code into the Full Name and Address fields during user registration or profile editing.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5
Impact score: 2.7
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-79

Hype score: Not currently trending

CVE-2025-25776 Cross-Site Scripting (XSS) vulnerability exists in the User Registration and User Profile features of Codeastro Bus Ticket Booking System v1.0 allows an attacker to e… https://t.co/k2sUexpPV8
@CVEnew
28 Apr 2025
338 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:codeastro:bus_ticket_booking_system:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA1ACB32-C553-48FC-B080-3F88DF091093"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.